[conspire] deep drilling to get older monitor's refresh rates

Nick Moffitt nick at zork.net
Wed Dec 20 17:41:20 PST 2006


Rick Moen:
> Quoting Daniel Gimpelevich (daniel at gimpelevich.san-francisco.ca.us):
> > Next time, type "file Envision.exe" under Linux, and if it reports
> > that it's really a zip file, just "unzip" it right on Linux.
> 
> In my experience, it _also_ sometimes works even if file reports
> something else -- some Zip archive just mutant enough to fool file,
> but still something unzip can handle.

This is a handy steganographic technique, actually.  Most file formats
rely on "magic number" bytes at the *beginning* of a file, but some
formats are designed either to survive errors or to serve dual purposes.
Since self-extracting zip archives are just a small special-purpose DOS
executable version of PKUNZIP.COM, the zip spec looks anywhere in the
first 150k for the start of a zip directory record.  

This has been used to great effect in data hunting puzzle games (ARGs,
as they like to call themselves when they're feeling particularly
snooty) to create PNG images that unzip to contain clues, or JPEG images
that play as MP3 audio files.  They're not playing any real special
games with the file format other than the ability to put a smallish
"first bytes" format at the front and a "later bytes" format after.

There are further brainteasing games you can play, like the folks who
made a GIF with Apple][-ish text containing gcc parameters and switches,
and then used the GIF comment fields to insert C preprocessor macros
that expanded the GIF data into compilable code.  This sort of thing
takes far more planning than "cat hint.png clues.zip > herring.png",
though.

-- 
Support your droogs!                          Nick Moffitt
                                        nick at teh.entar.net




More information about the conspire mailing list